What You Need to Know About the Phishing

Cyber criminals have no shortage of tools at their disposal in their attempts to abuse and take advantage of those they set their sights on. Recently, however, it seems that more and more of them select email phishing as their weapon of choice. Knowing what email phishing is, and how to avoid falling victim to it, is critical to a business’s survival. Fortunately, phishing emails have a few distinct characteristics that can help to identify them.

Phishing is the attempt to obtain sensitive information such as usernames, passwords, personal information, and credit card details, often for malicious reasons, by posing as a trustworthy entity in an email. Spear phishing attempts are directed at specific individuals or companies. Attackers may gather personal information about their target to increase their probability of success. This technique is by far the most prolific on the internet today, accounting for 91% of all phishing attacks.

WHAT DOES A PHISHING THREAT LOOK LIKE?

The most recent attacks have included emails appearing to come from your business competitors. These emails include statements that ask you to open an attached PDF to view client lists, upcoming projects, etc. These PDF attachments have instructions to click a link to view the document. If the link is clicked, you will be taken to a web page asking for usernames, passwords, etc. to verify your identity.

Example:

Hello,

Please find the attached pdf file that contains our new upcoming projects. The file is secured so you'd need to login with your existing email to be able to download the document. Kindly review and let me know your opinion and suggestions if any.

File is secured

John Doe
Manager
Competitor, Inc.

Examples of Spear Phishing

Examples of Phishing

HOW TO DETECT A PHISHING EMAIL

Don’t trust the display name

A favorite phishing tactic among cybercriminals is to spoof the display name of an email.

Here’s how it works: If a fraudster wanted to spoof the hypothetical brand “My Bank,” the email may look something like:

My Bank doesn’t own the domain “secure.com.” This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the From header. If it looks suspicious, don’t open the email.

Look but don’t click

Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in the website address directly rather than clicking on the link from unsolicited emails.

Check for spelling mistakes

Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

Analyze the salutation

Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.

Beware of urgent or threatening language in the subject line

Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”

Review the signature

Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.

Don’t click on attachments

Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

Don’t trust the header from email address

Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address.

Don’t believe everything you see

Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.
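
The "Don’t trust the display name" and "Look but don’t click" checks can also be run by a mail filter or triage script. The following is an added example, not part of the original article: it flags a From header whose display name claims a known brand while the address domain does not belong to it, and links whose visible text names one host while the target is another. `KNOWN_BRANDS`, `mybank.example`, the sample message and the function names are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands you expect in mail, mapped to the domains they really send from.
KNOWN_BRANDS = {"my bank": {"mybank.example"}}
# Constructed sample message; "secure.com" is the look-alike domain used in the article.
SAMPLE = """\
From: My Bank <accounts@secure.com>
Content-Type: text/html; charset="utf-8"

<p>Verify here: <a href="http://login.example.net/verify">www.mybank.example</a></p>
"""

class LinkCollector(HTMLParser):  # collects [href, visible text] per <a href=...>
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.links.append([dict(attrs)["href"], ""])
            self.in_link = True
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data

def host(url):  # lower-case hostname of a URL or bare host name, leading "www." dropped
    name = (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name
def within(name, domain):  # True when name is the domain itself or a subdomain of it
    return name == domain or name.endswith("." + domain)

def check_message(raw):  # returns a list of mismatch findings, empty when none
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    sender, findings = addr.rpartition("@")[2].lower(), []
    # Check 1: the display name claims a brand the sending domain does not belong to.
    for brand, domains in KNOWN_BRANDS.items():
        if brand in display.lower() and not any(within(sender, d) for d in domains):
            findings.append(f"display name says '{brand}' but sender domain is {sender}")
    # Check 2: a link whose visible text is a host name that differs from its target.
    body, collector = msg.get_body(preferencelist=("html",)), LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        shown = host(text.strip()) if "." in text and " " not in text.strip() else ""
        if shown and not within(host(href), shown):
            findings.append(f"link text shows {shown} but points to {host(href)}")
    return findings
```

These string comparisons do not catch a spoofed header from address, which has to be judged from sender authentication results instead.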

If you are not sure if an email is legitimate, you are going to need help. At BrightWire Networks, our dedicated technicians can help show you how to identify phishing emails. If you have questions about phishing or email security of any kind, or if you simply would like tips on how to best protect your data and infrastructure, call us today at (360) 528-6017.
